Zeppelin / ZEPPELIN-4167

if runners permission is empty, every authenticated user can view the notebook

    Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 0.8.0
    • Fix Version/s: None
    • Component/s: security
    • Labels:
      None

      Description

      Upgrading from 0.7, we realised that all notebooks are listed and can be opened and viewed by all authenticated users. We have found that the runners permission was empty in the GUI and was not there as a key in notebook-authorization.json. Because of this, all notebooks become readable for all authenticated users.

            People

            • Assignee:
              Unassigned
              Reporter:
              hegand András Hegedüs
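
A check for the condition this report describes, as an added example that is not part of the original issue or of Zeppelin's own code: it lists the notes in notebook-authorization.json whose runners permission is missing as a key or present but empty. The top-level `authInfo` map keyed by note ID is an assumption about the file layout, and the note IDs and user names in the sample are constructed.

```python
import json
import sys

# Constructed sample. Assumed layout (not confirmed by the issue text):
# {"authInfo": {<noteId>: {"owners": [...], "readers": [...], ...}}}
SAMPLE = """
{"authInfo": {
  "2AAAAAAA1": {"owners": ["alice"], "readers": ["alice"], "writers": ["alice"]},
  "2BBBBBBB2": {"owners": ["bob"], "readers": ["bob"], "writers": ["bob"],
                "runners": []},
  "2CCCCCCC3": {"owners": ["carol"], "readers": ["carol"], "writers": ["carol"],
                "runners": ["carol"]}
}}
"""


def audit_runners(text):
    """Return (note_id, state, readers) for every note with no runners set.

    state is "missing" when the runners key is absent (the post-upgrade case
    in the report) and "empty" when the key exists with no entries.
    readers is included so notes that were meant to be restricted stand out.
    """
    auth_info = json.loads(text).get("authInfo") or {}
    findings = []
    for note_id, perms in sorted(auth_info.items()):
        # A malformed entry is treated as having no permissions at all.
        perms = perms if isinstance(perms, dict) else {}
        if "runners" not in perms:
            state = "missing"
        elif not perms["runners"]:
            state = "empty"
        else:
            continue
        findings.append((note_id, state, sorted(perms.get("readers") or [])))
    return findings


if __name__ == "__main__":
    # Pass the path to notebook-authorization.json, or run on the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            data = fh.read()
    else:
        data = SAMPLE
    for note_id, state, readers in audit_runners(data):
        print(f"{note_id}: runners {state}; readers={readers}")
```

Notes reported with a non-empty readers list are the ones where an intended restriction is affected by the behaviour described above.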